Configure a password security policy

Last updated:2021-10-29 17:57:25

This topic describes how to configure security policies for IAM users to ensure account security.


  1. Log in to the IAM console.

  2. In the left navigation pane, choose Setting > Security Settings.

  3. On the Security Settings page, click Change in the Password Security Settings section.

  4. In the Password Security Settings panel, set the required parameters.
    (1) Save MFA Logon Status for 7 Days: specifies whether to allow IAM users to keep the multi-factor authentication (MFA) devices logged in for seven days. This parameter is set to Not Enabled by default.
    (2) Logon Session Valid for: the validity period of the login session of IAM users, in minutes. Valid values: 15 to 1,440.
    (3) Logon Address Mask: the IP addresses that can be used to log in to the console. This parameter is unspecified by default, indicating that all IP addresses can be used for login. If a mask is specified, only the IP addresses specified by the mask can be used for password login or single sign-on (SSO). However, IAM users can use their AccessKeys to call API operations for login from all IP addresses regardless of the mask setting.

  5. Click OK.

Did you find the above information helpful?

Mostly Unhelpful
A little helpful
Very helpful

What might be the problems?

Unclear or awkward
Redundant or clumsy
Lack of context for the complex system or functionality

More suggestions


Please give us your feedback.


Thank you for your feedback.